I CLAIM: 




method of authenticating mobile user equipment in a mobile 
telecG^fnmunications network comprising the steps of: 

issing an authentication element forming at least part of an authentication 
vector, from a serving network to mobile user equipment, 

deciding in the user equipment based at least in part on the value of a 
predetermii^ied field contained in the authentication element, when to generate a 
termination message, and 

passing the termination message from the mobile user equipment to the 
serving netvork which message contains a value indicating that the serving 
network must obtain a further authentication vector before allowing the user 
equipment tD make further calls. 



2. A method 



according to claim 1, wherein the termination message is a 



predetermin(jd key set identity value. 

A method according to claim 1, wherein the predetermined field is an 
authentication Vnanagement field. 



A method according to claim 1 , wherein the said decision is taken based on the 
total call duration which has accumulated since the authentication element 



f 

0\pntaining the predetermined field was first received by the mobile user 
equipment. 

A method according to f claim 1, wherein the said decision is taken based on 
the time elapsed since the authentication element containing the predetermined 
field wks first received by the mobile user equipment. 

A method according to claim 1, wherein the said decision is taken based on the 
total nuniber of calls made since the authentication element containing the 
predetermined field was first received by the mobile user equipment. 

A SIM for mobile user equipment embodying the method steps of claim 1 . 

A method \ of authenticating mobile user equipment in a mobile 
telecommuniaations network comprising the steps of: 

requestijng service fi-om a serving network to which the user equipment is 
not directly subscribed, 

passing the request for service from the serving network to a home operator 
network to whicla the user equipment is directly subscribed, 

generating! an authentication vector in the home operator network which 
includes an authentication management field, 
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pUssing the authentication vector from the home operator network to the 
serving network, 

passing an authentication element forming at least part of the authentication 
vector from the serving network to the user equipment, 

extracting in the user equipment an authentication management field from 
the authentication element, 

generating in response at least to a predetermined value of the 
authentication management field, a predetermined key set identifier, and 

passing the key set identifier to the serving network. 



A method acc^ 



least in part on 
element, when 



Tding to claim 8, including deciding in the user equipment based at 



the value of a predetermined field contained in the authentication 
to generate a key set identifier which contains a value indicating 
that the serving network must obtain a fixrther authentication vector before 
allowing the us er equipment to make fiirther calls. 



A method according to claim 9, wherein the said decision is taken based on the 
total call dura ion which has accumulated since the authentication element 



containing the 



equipment. 



predetermined field was first received by the mobile user 
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1 1\ A method according to claim 9, wherein the said decision is taken based on the 
time elapsed since the authentication element containing the predetermined field 
Was first received by the mobile user equipment. 

12. A method according to claim 9, wherein the said decision is taken based on the 
total number of calls made since the authentication element containing the 
predetermined field was first received by the mobile user equipment. 

13. MobileViser equipment for use in a mobile telecommunications network including 
means for receiving firom a serving network, an authentication element forming at 
least part\of an authentication vector, decision means for deciding in the user 
equipment\based at least in part on the value of a predetermined field contained in 
the authentication element, when to generate a termination message, and means 
for passing tne termination message fi:-om the mobile user equipment to the serving 
network which message contains a value indicating that the serving network must 
obtain a fiirthef authentication vector before allowing the user equipment to make 
ftirther calls. 



14. Mobile user equipment according to claim 13, including accumulator means for 
monitoring the total call duration which has accumulated since the authentication 
element containing the predetermined field was first received by the mobile user 
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iquipment and providing a value representative of the said total call duration to the 
llecision means. 



15. Mfflbile user equipment according to claim 13, including timer means for 




mqasuring the time elapsed since the authentication element containing the 
prepetermined field was first received by the mobile user equipment and providing 



a value representative of the said elapsed time to the decision means. 

16. Mobile user equipment according to claim 13, including counter means for 
counting the total number of calls made since the authentication element 
conU ining the predetermined field was first received by the mobile user equipment 
and providing a value representative of the said total call number to the decision 
means. 



